Add a new Pulumi Cloud, What Is It, topic page #14185

Open: wants to merge 2 commits into base: master

joeduffy

No description provided.

@joeduffy joeduffy requested a review from aaronkao February 25, 2025 23:41
@joeduffy joeduffy requested a review from a team as a code owner February 25, 2025 23:41
@joeduffy

Aside @aaronkao I do think a few screenshots could go a long way. And maybe that table I had in the appendix in the Google Doc. Or perhaps they'd just distract -- I had a similar conundrum when adding links. What do you think? Worth the effort?

@aaronkao aaronkao left a comment

It overall seems fine.

I think it would be good to pair it with this grid I started to work on that walks through all the steps to DIY and the equivalent action done in PCloud. It's all broken up by jobs to be done and categorized by value/benefit.


## In Summary

Pulumi Cloud helps teams adopt collaborative, secure, and robust cloud engineering practices. Pulumi's infrastructure as code tool is [open source](https://github.com/pulumi), and by default it leverages Pulumi Cloud to make adopting IaC in your team easier, secure, and reliable out-of-the-box.

I don't think the definition of Pulumi Cloud in the first sentence is clear. I think we should answer with Pulumi Cloud is...

Pulumi Cloud is a fully managed infrastructure management platform that covers three products...

probably some of the stuff in the 3rd paragraph can be moved into this paragraph


* **Instant Collaboration**: provides a common place where developers, security experts, and infrastructure practitioners meet to automate, secure, and manage cloud infrastructure
* **Automatic Security**: ensures security best practices are built-in from the outset
* **Robustness, Performance, and Scalability** - automatically ensures reliability and scalability as your cloud needs grow, minimizing outages and the need to rearchitect your system over time

Suggested change
* **Robustness, Performance, and Scalability** - automatically ensures reliability and scalability as your cloud needs grow, minimizing outages and the need to rearchitect your system over time
* **Robustness, Performance, and Scalability**: automatically ensures reliability and scalability as your cloud needs grow, minimizing outages and the need to rearchitect your system over time

replacing with colon to match other bullets


So you've chosen to use Pulumi infrastructure as code, and are now deciding how to manage your state and whether Pulumi Cloud is a good fit? Or you've heard Pulumi is open source but aren't entirely clear on what part is fully open and free, and what is a paid Pulumi product? This page will give you a better understanding about the answers to these questions and everything in between.

## In Summary

Just dropping my intro for my 2nd rev of PCloud vs DIY blog post here in case you want to steal from it...

Many companies are building internal developer platforms or modern infrastructure platforms to provide developer self-service while maintaining security and compliance. Companies adopt Pulumi IaC so they can apply software engineering to their infrastructure scaling problems and because it is fully open source with a strong community and public roadmap.

At Pulumi, we’re committed to open source—always have been, always will be. Our Pulumi IaC is entirely open source (Apache 2.0 license), meaning you can adopt and extend it however you like. If you’re new to Pulumi, the open source edition is an excellent way to start modernizing your infrastructure. But as your organization grows and the complexity of your environment increases, you may find yourself devoting significant time to rolling your own enterprise IaC backend features. That’s why we built Pulumi Cloud—to help you avoid building and maintaining these capabilities from scratch while ensuring you can automate, secure, and manage your infrastructure at scale.

Pulumi Cloud provides enterprise capabilities that make it easier to automate, secure, and manage these modern infrastructure platforms. However, not every organization has an immediate need for the enterprise features in Pulumi Cloud. Companies receive increasing value from Pulumi Cloud as their organization and their infrastructure platforms grow in size and complexity.


The first thing you will notice with Pulumi Cloud is that all of your [projects, stacks, and resources](/docs/pulumi-cloud/projects-and-stacks/) are easy to see, search, and explore. A complete history of who has changed what, when, and how -- with full resource change diffs and links both into the source changes that triggered a deployment as well as forward links to the resources in your cloud consoles -- is always present.

All actions taken by teammates on Pulumi Cloud are logged for [full auditability](/docs/pulumi-cloud/admin/audit-logs/). Full deployment logs are also captured and easy to review to facilitate debugging failures. This is particularly useful for unattended deployments as is common with the [Pulumi Automation API](/automation) and [Pulumi Kubernetes Operator](/docs/iac/using-pulumi/continuous-delivery/pulumi-kubernetes-operator/). All deployment history for all time is maintained and organized.

unattended sounds like something went rogue

maybe "non-human deployments" sorta like how there is "non-human identities (NIH)" in the security space, meaning aka machines or agents


Pulumi's projects and stacks model facilitates collaboration especially thanks to the IaC tool's configuration model, but Pulumi Cloud goes beyond this by offering Pulumi ESC, a way to define so-called environments that group together configuration and secrets that frequently version together. This enables Don't Repeat Yourself (DRY) practices so that you can secure access to cloud accounts, share sensitive information, and deliberately roll out changes to them, across many groups of projects and stacks that are related to each other.

Pulumi Cloud also offers short-lived stacks in the form of [Review Stacks](/docs/pulumi-cloud/deployments/review-stacks/) -- ephemeral environments stood up just for the duration of a Pull Request, making verification of changes much more robust and seamless -- as well as [Time-to-Live (TTL) Stacks](/docs/pulumi-cloud/deployments/ttl/), which ensure that temporary stacks get automatically cleaned up, enabling more productive engineering workflows without the risk of cloud waste.

TTL sorta doesn't fit into this section on Collaboration. It almost feels like it should be part of a Cost Savings or Operations


Pulumi Cloud has [a rich identity model](/docs/pulumi-cloud/access-management/) that integrates with your security identity provider of choice, whether that is Azure Active Directory, Google Workspace, Okta, or any SAML/SSO provider, both to regulate all access to your cloud assets.

If you manage your IaC state with a DIY approach, you will need to come up with a scheme that works for your organization. It often looks simple at the outset -- perhaps you can just use AWS IAM for the S3 bucket you're storing state within -- but real teams at large scale seldom want to give all access to all engineers on the team. In fact, this may be the difference between passing and failing a compliance audit.

I think you do not need to say "real teams" because every team is real even small ones, so we don't want to alienate them.

In some ways you can just spell out all the things you need to implement RBAC

  • Create definitions of the roles (admin, developer) and permission groups (read only, deploy only, user management)
  • Map permission groups to roles and assign roles directly to users or within IdPs.
  • Apply permissions at the stack level (dev, test, prod)
  • Implement approval workflows


Pulumi Cloud is the easiest way to adopt Pulumi's open source IaC tool at scale, securely, reliably, and collaboratively.

That said, DIY backends are fully supported and this article's goal is to ensure you can make an educated decision about what is better suited for your use case. The[state and backends topic](/docs/iac/concepts/state-and-backends/) describes in-depth how Pulumi IaC uses Pulumi Cloud and DIY backends and other architectural considerations.

Suggested change
That said, DIY backends are fully supported and this article's goal is to ensure you can make an educated decision about what is better suited for your use case. The[state and backends topic](/docs/iac/concepts/state-and-backends/) describes in-depth how Pulumi IaC uses Pulumi Cloud and DIY backends and other architectural considerations.
That said, DIY backends are fully supported and this article's goal is to ensure you can make an educated decision about what is better suited for your use case. The [state and backends topic](/docs/iac/concepts/state-and-backends/) describes in-depth how Pulumi IaC uses Pulumi Cloud and DIY backends and other architectural considerations.

@thoward thoward left a comment

I added a few quick grammatical suggestions. Rubber stamping for now, so that it can publish by tomorrow morning, but will circle back to give a full review beyond just grammatical nits later.


Pulumi Cloud is the easiest way to adopt Pulumi's open source IaC tool at scale, securely, reliably, and collaboratively.

That said, DIY backends are fully supported and this article's goal is to ensure you can make an educated decision about what is better suited for your use case. The [state and backends topic](/docs/iac/concepts/state-and-backends/) describes in-depth how Pulumi IaC uses Pulumi Cloud and DIY backends and other architectural considerations.

Suggested change
That said, DIY backends are fully supported and this article's goal is to ensure you can make an educated decision about what is better suited for your use case. The [state and backends topic](/docs/iac/concepts/state-and-backends/) describes in-depth how Pulumi IaC uses Pulumi Cloud and DIY backends and other architectural considerations.
That said, DIY backends are fully supported, and this article aims to help you make an informed decision about which option best suits your use case. The [state and backends topic](/docs/iac/concepts/state-and-backends/) describes in-depth how Pulumi IaC uses Pulumi Cloud and DIY backends and other architectural considerations.


By leveraging Pulumi Cloud, you get all of the above things automatically. This means more time to focus on solving your business challenges, versus undifferentiated DIY heavy lifting.

We have found that teams who use DIY backends require at least one full time engineer for every 10 end users in their team to just manage the DIY backend and build systems to ensure it is secure and scalable. They also have to maintain costly onboarding and training programs for using their custom DIY backend. Certain Pulumi capabilities can be exceedingly costly to replicate, like search, copilot, fault tolerance, and the various identity integrations like RBAC. And even with all of that, DIY capabilities typically fall far short of what Pulumi Cloud delivers out of the box (for instance, lacking the full history of who changed what and when).
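
Review bot: The figure in the second paragraph, "at least one full time engineer for every 10 end users", is presented as a finding with no source or methodology behind it. Either link to the data it comes from or soften it to an observation (for example "in our experience"), since readers comparing backends will treat it as a measured ratio. In the same paragraph, "the various identity integrations like RBAC" mixes two things: RBAC is an access-control model, not an identity integration, so consider "identity integrations and RBAC".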

Suggested change
We have found that teams who use DIY backends require at least one full time engineer for every 10 end users in their team to just manage the DIY backend and build systems to ensure it is secure and scalable. They also have to maintain costly onboarding and training programs for using their custom DIY backend. Certain Pulumi capabilities can be exceedingly costly to replicate, like search, copilot, fault tolerance, and the various identity integrations like RBAC. And even with all of that, DIY capabilities typically fall far short of what Pulumi Cloud delivers out of the box (for instance, lacking the full history of who changed what and when).
We have found that teams who use DIY backends require at least one full time engineer for every 10 end users in their team just to manage the DIY backend and build systems, and to ensure it is secure and scalable. They also have to maintain costly onboarding and training programs for using their custom DIY backend. Certain Pulumi capabilities can be exceedingly costly to replicate, like search, Copilot, fault tolerance, and the various identity integrations like RBAC. And even with all of that, DIY capabilities typically fall far short of what Pulumi Cloud delivers out of the box (for instance, lacking the full history of who changed what and when).


### 5/ Cost Effectiveness

By leveraging Pulumi Cloud, you get all of the above things automatically. This means more time to focus on solving your business challenges, versus undifferentiated DIY heavy lifting.

Suggested change
By leveraging Pulumi Cloud, you get all of the above things automatically. This means more time to focus on solving your business challenges, versus undifferentiated DIY heavy lifting.
Using Pulumi Cloud, you automatically gain all of the above benefits. This means more time to focus on solving your business challenges, versus undifferentiated DIY heavy lifting.


Pulumi Cloud offers organization-wide policies thanks to Pulumi's policy as code engine, [Pulumi CrossGuard](/crossguard/), allowing you to enforce policies for security, compliance, cost, team practices, and more. This works over your IaC resources -- to block violations from ever getting deployed -- as well as it does to find and fix existing violations in your cloud accounts, no matter how they were provisioned thanks to Pulumi Insights. You can even auto-remediate violations, such as automatically tagging all AWS resources with certain configurable metadata.

Pulumi Cloud lets you set up [private templates](/docs/pulumi-cloud/developer-portals/templates/) for your organization so that end users spin up infrastructure using patterns you have designated for your team, using an [interactive Internal Developer Platform (IDP) experience](/docs/pulumi-cloud/developer-portals/new-project-wizard/). This, in combination with [Pulumi Components](/docs/iac/concepts/resources/components/), can help ensure you are adopting best practices at scale. Many infrastructure teams review their templates and components with their security counterparts to agree on safe patterns they'll use throughout the organization.
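
Review bot: In the first paragraph, "as well as it does to find and fix existing violations in your cloud accounts, no matter how they were provisioned thanks to Pulumi Insights" is hard to parse, and "thanks to Pulumi Insights" reads as if it modifies "provisioned". Split the sentence so the two enforcement points are explicit: policies block violations in IaC resources from ever getting deployed, and Pulumi Insights finds and fixes existing violations in cloud accounts no matter how the resources were provisioned.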

Suggested change
Pulumi Cloud lets you set up [private templates](/docs/pulumi-cloud/developer-portals/templates/) for your organization so that end users spin up infrastructure using patterns you have designated for your team, using an [interactive Internal Developer Platform (IDP) experience](/docs/pulumi-cloud/developer-portals/new-project-wizard/). This, in combination with [Pulumi Components](/docs/iac/concepts/resources/components/), can help ensure you are adopting best practices at scale. Many infrastructure teams review their templates and components with their security counterparts to agree on safe patterns they'll use throughout the organization.
Pulumi Cloud lets you set up [private templates](/docs/pulumi-cloud/developer-portals/templates/) for your organization which allows end users to spin up infrastructure following patterns you have designated for your team, within an [interactive Internal Developer Platform (IDP) experience](/docs/pulumi-cloud/developer-portals/new-project-wizard/). This, in combination with [Pulumi Components](/docs/iac/concepts/resources/components/), can help ensure you are adopting best practices at scale. Many infrastructure teams review their templates and components with their security counterparts to agree on safe patterns they'll use throughout the organization.


### 4/ Governance and Extensibility

Pulumi Cloud makes it easier to ensure your team is using the cloud in the intended way, thanks to various policies and enforcement mechanisms not present in DIY backends.

Suggested change
Pulumi Cloud makes it easier to ensure your team is using the cloud in the intended way, thanks to various policies and enforcement mechanisms not present in DIY backends.
Pulumi Cloud makes it easier to ensure your team uses the cloud as intended, thanks to policies and enforcement mechanisms not present in DIY backends.


### 2/ Automatic Security

Pulumi Cloud has [a rich identity model](/docs/pulumi-cloud/access-management/) that integrates with your security identity provider of choice, whether that is Azure Active Directory, Google Workspace, Okta, or any SAML/SSO provider, both to regulate all access to your cloud assets.

Suggested change
Pulumi Cloud has [a rich identity model](/docs/pulumi-cloud/access-management/) that integrates with your security identity provider of choice, whether that is Azure Active Directory, Google Workspace, Okta, or any SAML/SSO provider, both to regulate all access to your cloud assets.
Pulumi Cloud has [a rich identity model](/docs/pulumi-cloud/access-management/) that integrates with your security identity provider of choice, whether that is Azure Active Directory, Google Workspace, Okta, or any SAML/SSO provider, to regulate all access to your cloud assets.


Pulumi Cloud integrates with [over a dozen CI/CD systems](/docs/iac/using-pulumi/continuous-delivery/), such as GitHub Actions, GitLab Pipelines, Jenkins, etc., and has [a built-in deployment service](/docs/pulumi-cloud/deployments/) for easy Git-based deployments. The result is that configuring delivery pipelines with Pulumi Cloud is flexible so that if you want to collaborate with teammates using standard Git-driven code flows, like pull requests, code reviews, and branch-driven deployments, you can do so. The Pulumi GitHub App will put previews of your deployments right into the pull request comments, making reviews seamless.

Pulumi's projects and stacks model facilitates collaboration especially thanks to the IaC tool's configuration model, but Pulumi Cloud goes beyond this by offering Pulumi ESC, a way to define so-called environments that group together configuration and secrets that frequently version together. This enables Don't Repeat Yourself (DRY) practices so that you can secure access to cloud accounts, share sensitive information, and deliberately roll out changes to them, across many groups of projects and stacks that are related to each other.

Suggested change
Pulumi's projects and stacks model facilitates collaboration especially thanks to the IaC tool's configuration model, but Pulumi Cloud goes beyond this by offering Pulumi ESC, a way to define so-called environments that group together configuration and secrets that frequently version together. This enables Don't Repeat Yourself (DRY) practices so that you can secure access to cloud accounts, share sensitive information, and deliberately roll out changes to them, across many groups of projects and stacks that are related to each other.
Pulumi's projects and stacks model facilitates collaboration especially thanks to the IaC tool's configuration model, but Pulumi Cloud goes beyond this by offering Pulumi ESC, a way to group configuration and secrets that frequently change together into composable and versioned environments. This enables Don't Repeat Yourself (DRY) practices that help to secure access to cloud accounts, share sensitive information, and deliberately roll out changes across multiple related projects and stacks.


The first thing you will notice with Pulumi Cloud is that all of your [projects, stacks, and resources](/docs/pulumi-cloud/projects-and-stacks/) are easy to see, search, and explore. A complete history of who has changed what, when, and how -- with full resource change diffs and links both into the source changes that triggered a deployment as well as forward links to the resources in your cloud consoles -- is always present.

All actions taken by teammates on Pulumi Cloud are logged for [full auditability](/docs/pulumi-cloud/admin/audit-logs/). Full deployment logs are also captured and easy to review to facilitate debugging failures. This is particularly useful for unattended deployments as is common with the [Pulumi Automation API](/automation) and [Pulumi Kubernetes Operator](/docs/iac/using-pulumi/continuous-delivery/pulumi-kubernetes-operator/). All deployment history for all time is maintained and organized.

Suggested change
All actions taken by teammates on Pulumi Cloud are logged for [full auditability](/docs/pulumi-cloud/admin/audit-logs/). Full deployment logs are also captured and easy to review to facilitate debugging failures. This is particularly useful for unattended deployments as is common with the [Pulumi Automation API](/automation) and [Pulumi Kubernetes Operator](/docs/iac/using-pulumi/continuous-delivery/pulumi-kubernetes-operator/). All deployment history for all time is maintained and organized.
All actions taken by teammates on Pulumi Cloud are logged for [full auditability](/docs/pulumi-cloud/admin/audit-logs/). Full deployment logs are also captured and easy to review to facilitate debugging failures. This is particularly useful for automated deployments, as is common with the [Pulumi Automation API](/automation) and [Pulumi Kubernetes Operator](/docs/iac/using-pulumi/continuous-delivery/pulumi-kubernetes-operator/). All deployment history for all time is maintained and organized.


### 1/ Instant Collaboration

The first thing you will notice with Pulumi Cloud is that all of your [projects, stacks, and resources](/docs/pulumi-cloud/projects-and-stacks/) are easy to see, search, and explore. A complete history of who has changed what, when, and how -- with full resource change diffs and links both into the source changes that triggered a deployment as well as forward links to the resources in your cloud consoles -- is always present.

Suggested change
The first thing you will notice with Pulumi Cloud is that all of your [projects, stacks, and resources](/docs/pulumi-cloud/projects-and-stacks/) are easy to see, search, and explore. A complete history of who has changed what, when, and how -- with full resource change diffs and links both into the source changes that triggered a deployment as well as forward links to the resources in your cloud consoles -- is always present.
The first thing you will notice with Pulumi Cloud is that all of your [projects, stacks, and resources](/docs/pulumi-cloud/projects-and-stacks/) are easy to see, search, and explore. A complete history is always available, of who has changed what, when, and how, with full resource change diffs, and links to both the source changes that triggered a deployment, as well as forward links to the resources in your cloud consoles.


Pulumi Cloud helps teams adopt collaborative, secure, and robust cloud engineering practices. Pulumi's infrastructure as code tool is [open source](https://github.com/pulumi), and by default it leverages Pulumi Cloud to make adopting IaC in your team easier, secure, and reliable out-of-the-box.

Pulumi IaC can be used with a different so-called "DIY" backend if you prefer, but it comes with some tradeoffs outlined below. From a numbers perspective, the Pulumi Cloud is the most popular way to use Pulumi -- so if you choose it, you're in good company.

Suggested change
Pulumi IaC can be used with a different so-called "DIY" backend if you prefer, but it comes with some tradeoffs outlined below. From a numbers perspective, the Pulumi Cloud is the most popular way to use Pulumi -- so if you choose it, you're in good company.
Pulumi IaC can be used with a so-called "DIY" backend if you prefer, but it comes with some tradeoffs outlined below. From a numbers perspective, Pulumi Cloud is the most popular way to use Pulumi -- so if you choose it, you're in good company.
